Contents
The decline of online privacy
Any Internet user today should already be aware that privacy is almost non-existent. By using any major online service, especially social networks, we are forced to surrender extraordinary amounts of personal data. Even ordinary websites can deploy dozens of trackers, and trying to track them down - using a search engine, for example - makes everything even more difficult. The situation today is simple: accept being tracked in one way or another, or stay off the Internet.
While the privacy-invasive aspects of the internet are widely discussed, far less attention is paid to the companies that enable us to access the internet in the first place. Without broadband providers, the internet would die, but by default, all subscriber-generated traffic passes through them. There's a much bigger conversation to be had about the role of ISPs and their management of subscriber data, but our focus here is on a very specific niche.
When ISPs and content providers collide
All sorts of radical remedies were discussed in the early days of file-sharing, but one, often rejected out of hand, was always destined to represent the greatest threat. In general terms, ISPs "owned" the Internet access pipes and rights holders owned the content. Two decades later, these once warring parties often find themselves under the same corporate roof.
Content owners' total control over subscribers' connections is not yet a reality, but close working relationships and shared interests with ISPs suggest a move in that direction. In 2019, it emerged that a UK-based anti-piracy company, known for its work against pirate IPTV service providers, was sharing data with one or more UK ISPs to determine subscribers' content consumption from various "pirate" servers.
The deal was mentioned again in October 2020 when it was revealed that traffic data from UK ISP Sky supported a successful UEFA court blocking order. A year later, it emerged that Sky had compiled data on high-traffic IP addresses accessed via its network to help an anti-piracy company working for the Premier League.
At this point, we must point out how this work was presented. We were told that it wasn't Sky spying on customer connections via the home modem. This was a completely different activity, i.e. monitoring incoming traffic levels from the IP addresses of "pirate" servers. Some might argue that any kind of surveillance is unacceptable, but what if UK ISPs actually had permission to do more?
Authorization to monitor pirates?
After receiving information suggesting that other ISPs might also be collaborating on similar anti-piracy work, we asked for evidence to show that this is indeed the case. Although it has not yet been revealed, we have been asked to examine legal documents issued by two major UK ISPs: Sky and Virgin Media, and for comparison, BT.
These documents - customer agreements and their associated privacy policies - reveal that when people sign up as customers with at least two UK ISPs, they do so with the understanding that hacking could result in their information being shared with third parties.
Sky Privacy Policy
Sky's documentation contains several references to the protection or enforcement of its own rights, and the rights of "any third party". For example, in the "How we use it" section regarding contact and account information, the policy contains the following:
The same statement appears in the "IP addresses and online identifiers" section, where Sky notes that subscriber information may be used where it has a "legitimate interest", including the protection or enforcement of its own or any third party's rights. "This may involve analyzing activity on our network to help prevent unauthorized access to content or the publication of or access to illegal content," the company notes.
As a content provider in its own right, much of the above will relate directly to Sky's own distribution platforms and its ability to prevent unauthorized access to content under its own control. However, in the section entitled "Sharing with third parties", the statements become much more explicit.
"We share your personal data, such as your contact details, financial data and other information described below, with credit reference and fraud prevention agencies and other relevant parties... for the prevention and detection of crimes such as fraud, hacking and money laundering," the section states.
"Where we reasonably suspect that you are pirating Sky or third-party content, we may share information with other organizations with a similar legitimate interest in the prevention, detection and prosecution of piracy."
How these policies work in practice is unknown, but they're there for a reason. The fact that Sky subscribers actually grant these permissions shows once again that nobody reads the fine print.
Sky's privacy policy is available here.
Virgin Media Privacy Policy
The first mention of the use of customer data for anti-piracy purposes appears in section 4 of Virgin Media's privacy policy.
"We rely on legal obligation and legitimate interests to use your information to ensure we comply with our legal and regulatory obligations (these are our legitimate interests)," Virgin's policy states.
"We use information about who you are and your use of our products and services to block unauthorized or illegitimate content on our TV platforms, respond to legal proceedings and enforcement authorities, and assist authorities and industry organizations with any investigations into security, fraud, anti-piracy, crime or terrorism."
In the section where Virgin states that it uses customer data to "develop, manage and protect" its business, the company says it does so "to identify and prevent piracy and other crimes" and to "identify threats to our network that result in TV piracy".
The company also states that it collects customer information from third-party or external sources, including "fraud and piracy prevention agencies".
Virgin also has a dedicated anti-piracy policy for its own television services.
Virgin Media's privacy policy is available here.
BT Privacy Policy
Unlike its competitors Sky and Virgin, explicit mentions of anti-piracy cooperation are absent from BT's privacy policy. Elsewhere, however, BT goes into detail about the information it collects and how this data is used when a user is suspected of piracy.
"We store information about your use of your broadband connection to help us understand and manage traffic flows on our network, improve our services and inform you of products that may be of interest to you. This includes IP addresses and other traffic data, including the websites you have visited," says the ISP.
"We are sometimes contacted by third parties who monitor illegal online file sharing on behalf of copyright owners. If we receive a complaint that there has been illegal sharing on your broadband service, we may use your IP address to inform you. But unless we are required to do so by law, we will not disclose your personal information to the copyright owner or any party acting on their behalf.
While these three major UK ISPs all see piracy as a problem to be solved, it's clear from these policies that Sky's approach is the most uncompromising, at least on paper. The extent to which it shares data with third parties is unknown, but having put this intention in writing, we can assume that anything is possible.
French (France) 
French (Canada) 
French (Belgium) 
English 
German 
Spanish